milo2012 · January 21, 2019 05:55
diff --git a/gistfile1.txt b/gistfile1.txt
 import sys
 import optparse
 import os
 pathName='/pentest/hostapd-wpe/certs/'
 hostapdPath='/pentest/hostapd-wpe/'

 '''
 #Example
 # python /pentest/eap.py  -h
 Usage: eap.py [options]
 Options:
  -h, --help           show this help message and exit
  -c COMPANYNAME       Company Name
  -d DOMAINNAME        Domain Name
  -s SSIDNAME          SSID
  --channel=CHANNELNO  Wifi Channel No

 python /pentest/eap.py -c Corporatewifi -d corporatewifi.com -s CorporateWifi --channel 11
 '''

 caCnfText='''
 [ ca ]
 default_ca		= CA_default

 [ CA_default ]
 dir			= ./
 certs			= $dir
 crl_dir			= $dir/crl
 database		= $dir/index.txt
 new_certs_dir		= $dir
 certificate		= $dir/ca.pem
 serial			= $dir/serial
 crl			= $dir/crl.pem
 private_key		= $dir/ca.key
 RANDFILE		= $dir/.rand
 name_opt		= ca_default
 cert_opt		= ca_default
 default_days		= 365
 default_crl_days	= 30
 default_md		= md5
 preserve		= no
 policy			= policy_match

 [ policy_match ]
 countryName		= match
 stateOrProvinceName	= match
 organizationName	= match
 organizationalUnitName	= optional
 commonName		= supplied
 emailAddress		= optional

 [ policy_anything ]
 countryName		= optional
 stateOrProvinceName	= optional
 localityName		= optional
 organizationName	= optional
 organizationalUnitName	= optional
 commonName		= supplied
 emailAddress		= optional

 [ req ]
 prompt			= no
 distinguished_name	= certificate_authority
 default_bits		= 2048
 input_password		= whatever
 output_password		= whatever
 x509_extensions		= v3_ca

 [certificate_authority]
 countryName		= SG
 stateOrProvinceName	= Singapore
 localityName		= Singapore
 organizationName	= [issuerName]
 emailAddress		= admin@[domainName]
 commonName		= "[companyName]"

 [v3_ca]
 subjectKeyIdentifier	= hash
 authorityKeyIdentifier	= keyid:always,issuer:always
 basicConstraints	= CA:true
 '''
 serverCnfText='''
 [ ca ]
 default_ca		= CA_default

 [ CA_default ]
 dir			= ./
 certs			= $dir
 crl_dir			= $dir/crl
 database		= $dir/index.txt
 new_certs_dir		= $dir
 certificate		= $dir/server.pem
 serial			= $dir/serial
 crl			= $dir/crl.pem
 private_key		= $dir/server.key
 RANDFILE		= $dir/.rand
 name_opt		= ca_default
 cert_opt		= ca_default
 default_days		= 365
 default_crl_days	= 30
 default_md		= md5
 preserve		= no
 policy			= policy_match

 [ policy_match ]
 countryName		= match
 stateOrProvinceName	= match
 organizationName	= match
 organizationalUnitName	= optional
 commonName		= supplied
 emailAddress		= optional

 [ policy_anything ]
 countryName		= optional
 stateOrProvinceName	= optional
 localityName		= optional
 organizationName	= optional
 organizationalUnitName	= optional
 commonName		= supplied
 emailAddress		= optional

 [ req ]
 prompt			= no
 distinguished_name	= server
 default_bits		= 2048
 input_password		= whatever
 output_password		= whatever

 [server]
 countryName		= SG
 stateOrProvinceName	= Singapore
 localityName		= Singapore
 organizationName	= [issuerName]
 emailAddress		= admin@[domainName]
 commonName		= "[companyName]"
 '''
 hostapdCnf='''
 interface=[wlaninterface]

 eap_user_file=/etc/hostapd-wpe/hostapd-wpe.eap_user
 ca_cert=/pentest/hostapd-wpe/certs/ca.pem
 server_cert=/pentest/hostapd-wpe/certs/server.pem
 private_key=/pentest/hostapd-wpe/certs/server.pem
 private_key_passwd=whatever
 dh_file=/pentest/hostapd-wpe/certs/dh
 ssid=[ssid]
 hw_mode=g
 channel=[channelNo]
 eap_server=1
 eap_fast_a_id=101112131415161718191a1b1c1d1e1f
 eap_fast_a_id_info=hostapd-wpe
 eap_fast_prov=3
 ieee8021x=1
 pac_key_lifetime=604800
 pac_key_refresh_time=86400
 pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f
 wpa=2
 wpa_key_mgmt=WPA-EAP
 wpa_pairwise=TKIP
 rsn_pairwise=CCMP
 #wpa_pairwise=CCMP
 logger_syslog=-1
 logger_syslog_level=5
 #logger_stdout=-1
 #logger_stdout_level=5
 ctrl_interface=/var/run/hostapd
 ctrl_interface_group=0
 beacon_int=100
 dtim_period=2
 max_num_sta=255
 rts_threshold=2347
 fragm_threshold=2346
 macaddr_acl=0
 auth_algs=1
 #auth_algs=3
 #ignore_broadcast_ssid=1
 ignore_broadcast_ssid=0
 wmm_enabled=1
 wmm_ac_bk_cwmin=4
 wmm_ac_bk_cwmax=10
 wmm_ac_bk_aifs=7
 wmm_ac_bk_txop_limit=0
 wmm_ac_bk_acm=0
 wmm_ac_be_aifs=3
 wmm_ac_be_cwmin=4
 wmm_ac_be_cwmax=10
 wmm_ac_be_txop_limit=0
 wmm_ac_be_acm=0
 wmm_ac_vi_aifs=2
 wmm_ac_vi_cwmin=3
 wmm_ac_vi_cwmax=4
 wmm_ac_vi_txop_limit=94
 wmm_ac_vi_acm=0
 wmm_ac_vo_aifs=2
 wmm_ac_vo_cwmin=2
 wmm_ac_vo_cwmax=3
 wmm_ac_vo_txop_limit=47
 wmm_ac_vo_acm=0
 eapol_key_index_workaround=0
 own_ip_addr=127.0.0.1
 '''

 companyName='mapletree.win'
 issuerName='hfcert01'
 domainName='mapletree.win'
 ssidName='Mapletree_Staff'
 #ssidName='Mapletree_BYOD'
 channelNo=3
 interface='wlan2'

 parser = optparse.OptionParser()
 parser.add_option('-c', action="store", dest="companyName")
 parser.add_option('-d', action="store", dest="domainName")
 parser.add_option('-s', action="store", dest="ssidName")
 parser.add_option('-i', action="store", dest="interface")
 parser.add_option('--channel', action="store", dest="channelNo")
 options, remainder = parser.parse_args()

 if options.companyName:
 	companyName=options.companyName
 if options.domainName:
 	domainName=options.domainName
 if options.ssidName:
 	ssidName=options.ssidName
 if options.channelNo:
 	channelNo=options.channelNo
 if options.interface:
 	interface=options.interface
 domainName=domainName.strip()
 companyName=companyName.strip()
 ssidName=ssidName.strip()
 issuerName=issuerName.strip()

 cmd="cd "+pathName+" && rm -f *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt*"
 print cmd
 os.system(cmd)

 serverCnfText=serverCnfText.replace('[companyName]',companyName)
 serverCnfText=serverCnfText.replace('[domainName]',domainName)
 serverCnfText=serverCnfText.replace('[issuerName]',issuerName)
 text_file = open(pathName+"server.cnf", "w")
 text_file.write(serverCnfText)
 text_file.close()

 caCnfText=caCnfText.replace('[companyName]',companyName)
 caCnfText=caCnfText.replace('[domainName]',domainName)
 caCnfText=caCnfText.replace('[issuerName]',issuerName)
 text_file = open(pathName+"ca.cnf", "w")
 text_file.write(serverCnfText)
 text_file.close()

 hostapdCnf=hostapdCnf.replace('[ssid]',ssidName)
 hostapdCnf=hostapdCnf.replace('[channelNo]',str(channelNo))
 hostapdCnf=hostapdCnf.replace('[wlaninterface]',interface)
 text_file = open(hostapdPath+"hostapd-wpe.conf", "w")
 text_file.write(hostapdCnf)
 text_file.close()

 cmd=pathName+'bootstrap'
 print cmd
 os.system(cmd)

 #cmd='cd '+hostapdPath+' && '+hostapdPath+'hostapd-wpe '+hostapdPath+'hostapd-wpe.conf'
 cmd='hostapd-wpe -k -s '+hostapdPath+'hostapd-wpe.conf'
 print cmd
 os.system(cmd)
	import sys
	import optparse
	import os
	pathName='/pentest/hostapd-wpe/certs/'
	hostapdPath='/pentest/hostapd-wpe/'

	'''
	#Example
	# python /pentest/eap.py -h
	Usage: eap.py [options]
	Options:
	-h, --help show this help message and exit
	-c COMPANYNAME Company Name
	-d DOMAINNAME Domain Name
	-s SSIDNAME SSID
	--channel=CHANNELNO Wifi Channel No

	python /pentest/eap.py -c Corporatewifi -d corporatewifi.com -s CorporateWifi --channel 11
	'''

	caCnfText='''
	[ ca ]
	default_ca = CA_default

	[ CA_default ]
	dir = ./
	certs = $dir
	crl_dir = $dir/crl
	database = $dir/index.txt
	new_certs_dir = $dir
	certificate = $dir/ca.pem
	serial = $dir/serial
	crl = $dir/crl.pem
	private_key = $dir/ca.key
	RANDFILE = $dir/.rand
	name_opt = ca_default
	cert_opt = ca_default
	default_days = 365
	default_crl_days = 30
	default_md = md5
	preserve = no
	policy = policy_match

	[ policy_match ]
	countryName = match
	stateOrProvinceName = match
	organizationName = match
	organizationalUnitName = optional
	commonName = supplied
	emailAddress = optional

	[ policy_anything ]
	countryName = optional
	stateOrProvinceName = optional
	localityName = optional
	organizationName = optional
	organizationalUnitName = optional
	commonName = supplied
	emailAddress = optional

	[ req ]
	prompt = no
	distinguished_name = certificate_authority
	default_bits = 2048
	input_password = whatever
	output_password = whatever
	x509_extensions = v3_ca

	[certificate_authority]
	countryName = SG
	stateOrProvinceName = Singapore
	localityName = Singapore
	organizationName = [issuerName]
	emailAddress = admin@[domainName]
	commonName = "[companyName]"

	[v3_ca]
	subjectKeyIdentifier = hash
	authorityKeyIdentifier = keyid:always,issuer:always
	basicConstraints = CA:true
	'''
	serverCnfText='''
	[ ca ]
	default_ca = CA_default

	[ CA_default ]
	dir = ./
	certs = $dir
	crl_dir = $dir/crl
	database = $dir/index.txt
	new_certs_dir = $dir
	certificate = $dir/server.pem
	serial = $dir/serial
	crl = $dir/crl.pem
	private_key = $dir/server.key
	RANDFILE = $dir/.rand
	name_opt = ca_default
	cert_opt = ca_default
	default_days = 365
	default_crl_days = 30
	default_md = md5
	preserve = no
	policy = policy_match

	[ policy_match ]
	countryName = match
	stateOrProvinceName = match
	organizationName = match
	organizationalUnitName = optional
	commonName = supplied
	emailAddress = optional

	[ policy_anything ]
	countryName = optional
	stateOrProvinceName = optional
	localityName = optional
	organizationName = optional
	organizationalUnitName = optional
	commonName = supplied
	emailAddress = optional

	[ req ]
	prompt = no
	distinguished_name = server
	default_bits = 2048
	input_password = whatever
	output_password = whatever

	[server]
	countryName = SG
	stateOrProvinceName = Singapore
	localityName = Singapore
	organizationName = [issuerName]
	emailAddress = admin@[domainName]
	commonName = "[companyName]"
	'''
	hostapdCnf='''
	interface=[wlaninterface]

	eap_user_file=/etc/hostapd-wpe/hostapd-wpe.eap_user
	ca_cert=/pentest/hostapd-wpe/certs/ca.pem
	server_cert=/pentest/hostapd-wpe/certs/server.pem
	private_key=/pentest/hostapd-wpe/certs/server.pem
	private_key_passwd=whatever
	dh_file=/pentest/hostapd-wpe/certs/dh
	ssid=[ssid]
	hw_mode=g
	channel=[channelNo]
	eap_server=1
	eap_fast_a_id=101112131415161718191a1b1c1d1e1f
	eap_fast_a_id_info=hostapd-wpe
	eap_fast_prov=3
	ieee8021x=1
	pac_key_lifetime=604800
	pac_key_refresh_time=86400
	pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f
	wpa=2
	wpa_key_mgmt=WPA-EAP
	wpa_pairwise=TKIP
	rsn_pairwise=CCMP
	#wpa_pairwise=CCMP
	logger_syslog=-1
	logger_syslog_level=5
	#logger_stdout=-1
	#logger_stdout_level=5
	ctrl_interface=/var/run/hostapd
	ctrl_interface_group=0
	beacon_int=100
	dtim_period=2
	max_num_sta=255
	rts_threshold=2347
	fragm_threshold=2346
	macaddr_acl=0
	auth_algs=1
	#auth_algs=3
	#ignore_broadcast_ssid=1
	ignore_broadcast_ssid=0
	wmm_enabled=1
	wmm_ac_bk_cwmin=4
	wmm_ac_bk_cwmax=10
	wmm_ac_bk_aifs=7
	wmm_ac_bk_txop_limit=0
	wmm_ac_bk_acm=0
	wmm_ac_be_aifs=3
	wmm_ac_be_cwmin=4
	wmm_ac_be_cwmax=10
	wmm_ac_be_txop_limit=0
	wmm_ac_be_acm=0
	wmm_ac_vi_aifs=2
	wmm_ac_vi_cwmin=3
	wmm_ac_vi_cwmax=4
	wmm_ac_vi_txop_limit=94
	wmm_ac_vi_acm=0
	wmm_ac_vo_aifs=2
	wmm_ac_vo_cwmin=2
	wmm_ac_vo_cwmax=3
	wmm_ac_vo_txop_limit=47
	wmm_ac_vo_acm=0
	eapol_key_index_workaround=0
	own_ip_addr=127.0.0.1
	'''

	companyName='mapletree.win'
	issuerName='hfcert01'
	domainName='mapletree.win'
	ssidName='Mapletree_Staff'
	#ssidName='Mapletree_BYOD'
	channelNo=3
	interface='wlan2'

	parser = optparse.OptionParser()
	parser.add_option('-c', action="store", dest="companyName")
	parser.add_option('-d', action="store", dest="domainName")
	parser.add_option('-s', action="store", dest="ssidName")
	parser.add_option('-i', action="store", dest="interface")
	parser.add_option('--channel', action="store", dest="channelNo")
	options, remainder = parser.parse_args()

	if options.companyName:
	companyName=options.companyName
	if options.domainName:
	domainName=options.domainName
	if options.ssidName:
	ssidName=options.ssidName
	if options.channelNo:
	channelNo=options.channelNo
	if options.interface:
	interface=options.interface
	domainName=domainName.strip()
	companyName=companyName.strip()
	ssidName=ssidName.strip()
	issuerName=issuerName.strip()

	cmd="cd "+pathName+" && rm -f .pem .der .csr .crt .key .p12 serial* index.txt*"
	print cmd
	os.system(cmd)

	serverCnfText=serverCnfText.replace('[companyName]',companyName)
	serverCnfText=serverCnfText.replace('[domainName]',domainName)
	serverCnfText=serverCnfText.replace('[issuerName]',issuerName)
	text_file = open(pathName+"server.cnf", "w")
	text_file.write(serverCnfText)
	text_file.close()

	caCnfText=caCnfText.replace('[companyName]',companyName)
	caCnfText=caCnfText.replace('[domainName]',domainName)
	caCnfText=caCnfText.replace('[issuerName]',issuerName)
	text_file = open(pathName+"ca.cnf", "w")
	text_file.write(serverCnfText)
	text_file.close()

	hostapdCnf=hostapdCnf.replace('[ssid]',ssidName)
	hostapdCnf=hostapdCnf.replace('[channelNo]',str(channelNo))
	hostapdCnf=hostapdCnf.replace('[wlaninterface]',interface)
	text_file = open(hostapdPath+"hostapd-wpe.conf", "w")
	text_file.write(hostapdCnf)
	text_file.close()

	cmd=pathName+'bootstrap'
	print cmd
	os.system(cmd)

	#cmd='cd '+hostapdPath+' && '+hostapdPath+'hostapd-wpe '+hostapdPath+'hostapd-wpe.conf'
	cmd='hostapd-wpe -k -s '+hostapdPath+'hostapd-wpe.conf'
	print cmd
	os.system(cmd)